Commit b6fc8b77 authored by ibuler's avatar ibuler

change(juse) 修改用户添加流程

1. 添加新用户,不再为该用户设置密码
2. 强制用户使用key登陆跳板机,为了安全性
3. 更改邮件文案和不发送邮件提示文案
parent caefbdc9
...@@ -137,7 +137,7 @@ def gen_ssh_key(username, password='', ...@@ -137,7 +137,7 @@ def gen_ssh_key(username, password='',
if authorized_keys: if authorized_keys:
auth_key_dir = os.path.join(home, username, '.ssh') auth_key_dir = os.path.join(home, username, '.ssh')
mkdir(auth_key_dir, username=username , mode=0700) mkdir(auth_key_dir, username=username, mode=0700)
authorized_key_file = os.path.join(auth_key_dir, 'authorized_keys') authorized_key_file = os.path.join(auth_key_dir, 'authorized_keys')
with open(private_key_file+'.pub') as pub_f: with open(private_key_file+'.pub') as pub_f:
with open(authorized_key_file, 'w') as auth_f: with open(authorized_key_file, 'w') as auth_f:
...@@ -146,15 +146,13 @@ def gen_ssh_key(username, password='', ...@@ -146,15 +146,13 @@ def gen_ssh_key(username, password='',
chown(authorized_key_file, username) chown(authorized_key_file, username)
def server_add_user(username, password, ssh_key_pwd='', ssh_key_login_need=True): def server_add_user(username, ssh_key_pwd=''):
""" """
add a system user in jumpserver add a system user in jumpserver
在jumpserver服务器上添加一个用户 在jumpserver服务器上添加一个用户
""" """
bash("useradd -s '%s' '%s'; echo '%s'; echo '%s:%s' | chpasswd " % bash("useradd -s '%s' '%s'" % (os.path.join(BASE_DIR, 'init.sh'), username))
(os.path.join(BASE_DIR, 'init.sh'), username, password, username, password)) gen_ssh_key(username, ssh_key_pwd)
if ssh_key_login_need:
gen_ssh_key(username, ssh_key_pwd)
def user_add_mail(user, kwargs): def user_add_mail(user, kwargs):
...@@ -171,7 +169,7 @@ def user_add_mail(user, kwargs): ...@@ -171,7 +169,7 @@ def user_add_mail(user, kwargs):
您的web登录密码: %s 您的web登录密码: %s
您的ssh密钥文件密码: %s 您的ssh密钥文件密码: %s
密钥下载地址: %s/juser/key/down/?uuid=%s 密钥下载地址: %s/juser/key/down/?uuid=%s
说明: 请登陆后再下载密钥 说明: 请登陆跳板机后台下载密钥, 然后使用密钥登陆跳板机
""" % (user.name, user.username, user_role.get(user.role, u'普通用户'), """ % (user.name, user.username, user_role.get(user.role, u'普通用户'),
kwargs.get('password'), kwargs.get('ssh_key_pwd'), URL, user.uuid) kwargs.get('password'), kwargs.get('ssh_key_pwd'), URL, user.uuid)
send_mail(mail_title, mail_msg, MAIL_FROM, [user.email], fail_silently=False) send_mail(mail_title, mail_msg, MAIL_FROM, [user.email], fail_silently=False)
...@@ -185,27 +183,17 @@ def server_del_user(username): ...@@ -185,27 +183,17 @@ def server_del_user(username):
bash('userdel -r %s' % username) bash('userdel -r %s' % username)
def get_display_msg(user, password, ssh_key_pwd, ssh_key_login_need, send_mail_need): def get_display_msg(user, password, ssh_key_pwd, send_mail_need=False):
if send_mail_need: if send_mail_need:
msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (user.name, user.email) msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (user.name, user.email)
return msg
if ssh_key_login_need:
msg = u"""
跳板机地址: %s
用户名:%s
密码:%s
密钥密码:%s
密钥下载url: %s/juser/key/down/?uuid=%s
该账号密码可以登陆web和跳板机。
""" % (URL, user.username, password, ssh_key_pwd, URL, user.uuid)
else: else:
msg = u""" msg = u"""
跳板机地址: %s \n 跳板机地址: %s <br />
用户名:%s \n 用户名:%s <br />
密码:%s \n 密码:%s <br />
密钥密码:%s <br />
密钥下载url: %s/juser/key/down/?uuid=%s <br />
该账号密码可以登陆web和跳板机。 该账号密码可以登陆web和跳板机。
""" % (URL, user.username, password) """ % (URL, user.username, password, ssh_key_pwd, URL, user.uuid)
return msg return msg
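Review bot: In `server_add_user` the `useradd` command line is still assembled with `%` formatting and handed to `bash()`, so `username` is only as safe as whatever validation runs before the call, and none is visible in these hunks. Dropping the `chpasswd` pipeline takes the password off the command line, but a username containing a single quote would still end the quoted argument. I would reject anything that is not a plain account name before building the command, e.g. `if not re.match(r'^[a-z_][a-z0-9_-]{0,31}$', username): raise ValueError('invalid username')` (or the error type `user_add` already handles), or quote the value with `pipes.quote(username)`. The same concern applies to the unquoted `userdel -r %s` in `server_del_user`, which appears here only as context.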
...@@ -153,8 +153,7 @@ def user_add(request): ...@@ -153,8 +153,7 @@ def user_add(request):
ssh_key_pwd = PyCrypt.gen_rand_pass(16) ssh_key_pwd = PyCrypt.gen_rand_pass(16)
extra = request.POST.getlist('extra', []) extra = request.POST.getlist('extra', [])
is_active = False if '0' in extra else True is_active = False if '0' in extra else True
ssh_key_login_need = True send_mail_need = True if '1' in extra else False
send_mail_need = True if '2' in extra else False
try: try:
if '' in [username, password, ssh_key_pwd, name, role]: if '' in [username, password, ssh_key_pwd, name, role]:
...@@ -176,7 +175,7 @@ def user_add(request): ...@@ -176,7 +175,7 @@ def user_add(request):
ssh_key_pwd=ssh_key_pwd, ssh_key_pwd=ssh_key_pwd,
is_active=is_active, is_active=is_active,
date_joined=datetime.datetime.now()) date_joined=datetime.datetime.now())
server_add_user(username, password, ssh_key_pwd, ssh_key_login_need) server_add_user(username, ssh_key_pwd)
user = get_object(User, username=username) user = get_object(User, username=username)
if groups: if groups:
user_groups = [] user_groups = []
...@@ -193,7 +192,7 @@ def user_add(request): ...@@ -193,7 +192,7 @@ def user_add(request):
else: else:
if MAIL_ENABLE and send_mail_need: if MAIL_ENABLE and send_mail_need:
user_add_mail(user, kwargs=locals()) user_add_mail(user, kwargs=locals())
msg = get_display_msg(user, password, ssh_key_pwd, ssh_key_login_need, send_mail_need) msg = get_display_msg(user, password, ssh_key_pwd, send_mail_need)
return my_render('juser/user_add.html', locals(), request) return my_render('juser/user_add.html', locals(), request)
...@@ -361,7 +360,7 @@ def user_edit(request): ...@@ -361,7 +360,7 @@ def user_edit(request):
admin_groups = request.POST.getlist('admin_groups', []) admin_groups = request.POST.getlist('admin_groups', [])
extra = request.POST.getlist('extra', []) extra = request.POST.getlist('extra', [])
is_active = True if '0' in extra else False is_active = True if '0' in extra else False
email_need = True if '2' in extra else False email_need = True if '1' in extra else False
user_role = {'SU': u'超级管理员', 'GA': u'部门管理员', 'CU': u'普通用户'} user_role = {'SU': u'超级管理员', 'GA': u'部门管理员', 'CU': u'普通用户'}
if user_id: if user_id:
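Review bot: `get_display_msg` is called with `send_mail_need` alone, while the mail itself is sent only under `if MAIL_ENABLE and send_mail_need:` two lines above. With mail disabled and the box ticked, the admin is told the password was mailed and is never shown the password or key passphrase. The template change in this commit makes that box checked by default, so this path becomes the common one. Passing the combined condition keeps the two in step: `msg = get_display_msg(user, password, ssh_key_pwd, MAIL_ENABLE and send_mail_need)`. This sits in the last `user_add` hunk; the function body starts and ends outside it.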
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
<div class="alert alert-warning text-center">{{ error }}</div> <div class="alert alert-warning text-center">{{ error }}</div>
{% endif %} {% endif %}
{% if msg %} {% if msg %}
<div class="alert alert-success text-center">{{ msg }}</div> <div class="alert alert-success">{{ msg | safe }}</div>
{% endif %} {% endif %}
<div class="form-group"> <div class="form-group">
<label for="username" class="col-sm-2 control-label">用户名<span class="red-fonts">*</span></label> <label for="username" class="col-sm-2 control-label">用户名<span class="red-fonts">*</span></label>
...@@ -99,14 +99,9 @@ ...@@ -99,14 +99,9 @@
<label><input type="checkbox" value="0" name="extra" >禁用 </label> <label><input type="checkbox" value="0" name="extra" >禁用 </label>
</div> </div>
</div> </div>
{# <div class="col-sm-2">#}
{# <div class="checkbox i-checks">#}
{# <label><input type="checkbox" value="1" name="extra">ssh key登录 </label>#}
{# </div>#}
{# </div>#}
<div class="col-sm-2"> <div class="col-sm-2">
<div class="checkbox i-checks"> <div class="checkbox i-checks">
<label><input type="checkbox" value="2" name="extra">发送邮件 </label> <label><input type="checkbox" value="1" name="extra" checked>发送邮件 </label>
</div> </div>
</div> </div>
</div> </div>
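Review bot: `{{ msg | safe }}` turns off autoescaping for a string that `get_display_msg` builds from `user.name`, `user.username`, `user.email` and the passwords. Those values appear to come straight from the add-user form, so any markup in them would be rendered as HTML on this page. The filter seems to have been added only to let the new `<br />` separators through. Keeping the message as plain text with `\n` separators and rendering it as `{{ msg | linebreaksbr }}` gives the same layout with escaping intact. Alternatively, escape each interpolated value in `get_display_msg` before the result is marked safe.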
......
...@@ -116,7 +116,7 @@ ...@@ -116,7 +116,7 @@
</div> </div>
<div class="col-sm-2"> <div class="col-sm-2">
<div class="checkbox i-checks"> <div class="checkbox i-checks">
<label><input type="checkbox" value="2" name="extra">发送邮件 </label> <label><input type="checkbox" value="1" name="extra">发送邮件 </label>
</div> </div>
</div> </div>
</div> </div>
......